MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66c00d5e1532a99fab52a11cada3080b96deff11c819139bede08a3568d4a5cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66c00d5e1532a99fab52a11cada3080b96deff11c819139bede08a3568d4a5cb
SHA3-384 hash: 24b5f3d4a1421907342889dd4d3c532cd2fdceec9d91e73cfb72889b650966c9c4bfa2fb4d39dc99d35192257a020cb0
SHA1 hash: d29a1a57f69455ec0bbdb53a3d10cdf3c07c9d38
MD5 hash: a26723ee2081f9be0302b33fe780e1c9
humanhash: two-floor-zulu-hydrogen
File name:a26723ee2081f9be0302b33fe780e1c9
Download: download sample
File size:212'992 bytes
First seen:2020-11-17 12:08:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep 6144:v0YrsL0nxP2CCfnX7mL4XnFvYWKw3oGdKNS6heZvJKf/kEj1:v0YrsL0nxEP/vRIG0NS6heZvJKf/kC
Threatray 92 similar samples on MalwareBazaar
TLSH 2F249E0377A4CA82D86B03319CFE97B98A35FC519FB983173152339FA9B1B586D24B50
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Razy-9759519-0
Create hunting rule

Win.Malware.Zusy-9759529-0
Create hunting rule

Win.Trojan.Agent-1381405
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the Windows directory
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a file in the Windows subdirectories
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/66c00d5e1532a99fab52a11cada3080b96deff11c819139bede08a3568d4a5cb/
Threat name:
Win32.Trojan.Aenjaris
Create hunting rule
Status:
Malicious
First seen:
2020-11-08 00:40:00 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0d81c64a88e6a5be04fe2b01fd872b7990c4e65becb31f1c5ad578dadff81a07
14da1a1ccadf50f6599e7889e37627b7ebe383b1b482029f94cea57336e864b7
243622c63f013c1ce6779a8539daffc7cf3e40d64b2a1df6ef2e22b85e9be92d
2c1e6769208a36e6f5751565dd448673275c2a703aedeef144e49b7789cc9d95
47dcda5499db88280fe655b4a7e07589327074a489bd4d3f8abc6e2ce683dbc9
798e842411486fafd06c7bb156cfb9648c71a627f39b2f2ff94001092886987a
96ddebc097e2655621326374b0c6c4aa7dcf47ff97b5496b0bb136fdf8d2b130
9dc9e84417abae2d03346b9855469e751126477b52412bf9eff8f7aa09bb35ab
c2205d73ef491fdebfed566b39b5a7f0a0a782c2b0c37e4b08a01f6d93830d24
e464444282c39c8c849b32e50864ac28b2edb9d3ccf880a65d68db1b0c3e31dc
+ 82 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-y4c6685m7e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
66c00d5e1532a99fab52a11cada3080b96deff11c819139bede08a3568d4a5cb
MD5 hash:
a26723ee2081f9be0302b33fe780e1c9
SHA1 hash:
d29a1a57f69455ec0bbdb53a3d10cdf3c07c9d38
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
SH256 hash:
02bfd0eda7b7d8dae1775e8f4fc483fb1fb4dbe7a65afad1b35d90d7afe375e6
MD5 hash:
0da71c3ab1992a089fbb7a3ab4fa6f1d
SHA1 hash:
68a77e390d097d1344c5f1a05f2374efeeb78a92
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
SH256 hash:
173ded3ea35522e7a4d092aef034a37c77d2cc070d077bec9484b90fb8436a2e
MD5 hash:
e1cff90a4ba1a7649e303e853c96e80a
SHA1 hash:
713b480b7a1f54dea86d5c3dd4c3107d7c49aa9d
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
SH256 hash:
d1905df57d63dbf114e632695748e627cc7f51938802b6fc4f7fd0a75b66ee4e
MD5 hash:
ab02f324878ae4a98fbd8c735962864f
SHA1 hash:
f71dda4229a1514b2b5d0d4157d5222e948b7a46
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
SH256 hash:
4994c68a8e615815490934f38735ce401506c1e9d9550fdde607bfb94a423181
MD5 hash:
34076da33d6f1072942c5fe87be66324
SHA1 hash:
3d1874ab77ef873641aad1d59b03c0b0b9b2bbff
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
SH256 hash:
c1b1e5547856b0001e13c7b386a7037f206f4a17bcec2f9cab625d8596fdfb37
MD5 hash:
ea133cfcebdbd8ba53c792e50685beba
SHA1 hash:
08e13a6c2ce17050824aa0349288e83c1f743389
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
SH256 hash:
65b095831c8abb6402f1c030b7e9a0fe76900b166c40787bf8b82e74b3c28372
MD5 hash:
5b879d6c4ec1d9c4de4b5168d8cd2f86
SHA1 hash:
a0253ebd0d90242d7b2e69368cb2822c8e52332c
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
SH256 hash:
f25adb5edb62851c583ac82e8f83861851b3268117bf0fe903f47cf99d4206e5
MD5 hash:
b4cd7bc47c2c9d9302bc419434f25f0e
SHA1 hash:
847f6be2ae60fcc60d5444687c61dc459dbcc76e
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
SH256 hash:
9813b58713eb4bf0c1b37a4e07fafceb30d11e2785cf406205a4c2b6bc393fad
MD5 hash:
41e7201732b8272835b288234c177244
SHA1 hash:
8a51e5569d67b027d72dbc3e74a2636f22083c7a
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
SH256 hash:
d19197dadae2f56da8c7d76471787d76fbc9c29774eadeadd676cb338d231221
MD5 hash:
e4787170ab83ed7cdf240b16653edbd7
SHA1 hash:
a1b5f3f8b341d9be7f228f3ad9ab171cd882c06a
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
SH256 hash:
a0bad838dd60aadfbfe8cba290674d1914bc98d77bbcfd6f3f83564a96e0bb15
MD5 hash:
6ee6eb366b40197412e16a4e0f20470b
SHA1 hash:
d3d1f10f203b2c4e1f5b6f1912cee1cb0071b7ae
Link:
https://www.unpac.me/results/e869ddbc-d9e3-4fd2-a7ca-8edf25419636/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments